A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 21 April 2005.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

4) [X] Claim(s) 1-16 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-16 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

Response to Amendment

This office action is in response to the amendment filed on 04/25/05. Applicant amended
Claims 1, 5 and 7-9. The amendment filed on 04/25/05 has been entered and made of record.
Therefore, presently pending claims are 1-16.

Response to Arguments 

Applicant's arguments filed 04/25/05 have been fully considered but they are not
persuasive for the following reasons.

Applicant argued that Bowman-Amuah does not teach an audit subsystem and process,
an integrity subsystem and process, and information control subsystem and process. The new 
grounds of rejection provided below address these limitations. In response to applicant's 
argument that the references fail to show certain features of applicant's invention, it is noted that 
the features upon which applicant relies (i.e., an audit subsystem and process, an integrity 
subsystem and process, and an information control subsystem and process, all being integrated in 
a second system which determines the overall security properties (emphasis added)) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

In regards to claims 8-9, in response to applicant's argument that the references fail to 
show certain features of applicant's invention, it is noted that the features upon which applicant 
relies (i.e., applying a ranking of security threats to any other subsystem of a software 
development system (emphasis added)) are not recited in the rejected claim(s). Although the
claims are interpreted in light of the specification, limitations from the specification are not read
into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

Claim Rejections - 35 USC §103 

Claims 1-7 and 10-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Bowman-Amuah (6,405,364 B1) in view of Alsberg (4,672,572).

In reference to claim 7, Bowman-Amuah discloses a system and method for building 
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2), the steps of the method comprising: identifying the security threats to the 
solution (column 18 lines 30-36); determining the security properties of the overall solution 
(column 49 line 66 to column 50 lines 53), Bowman-Amuah lists the properties provided by the 
components of the overall security solution; assigning selected security properties for the overall 
solution to components of the solution (column 124 lines 33-35), since the system requires
security throughout the system and therefore security properties need to be embedded in
components of the solution; enumerating security requirements for infrastructure, components 
and operations (column 50 line 54 to column 51 lines 14); developing integrity requirements 
(column 18 lines 32-36). 

Although Bowman-Amuah does not disclose creating a functional technology diagram, 
Bowman-Amuah does disclose documenting the process (column 17 lines 64-67), which 
performs the function of the functional technology diagram. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the functional technology diagrams. One of ordinary skill in the art would 
have been motivated to do this because functional requirement diagrams capture the intended
behavior of the system as shown in the documentation of the process that indicates the intended 
behavior; information that can later be used for testing. 

Bowman-Amuah does not expressly disclose the security subsystem that includes an 
audit subsystem, an integrity subsystem, and an information flow control subsystem. 

Alsberg discloses a protector device for enhancing security (abstract). The system 
includes an audit subsystem (column 6 lines 33-65), an integrity subsystem (column 7 lines 1-10),
and an information flow control subsystem (column 8 lines 13-63).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include audit subsystem, integrity subsystems, and information flow control 
subsystems as in Alsberg in the system of Bowman-Amuah. One of ordinary skill in the art 
would have been motivated to do this because auditing potentially sensitive material, integrity 
subsystems, and controlling the information flow would increase the security of the system. 

In reference to claim 1, Bowman-Amuah discloses a system and method for building
systems in a development architecture framework wherein security is integrated into the solution 
(abstract and fig. 2). The system for analyzing a solution including a plurality of components 
comprising: a first system, which identifies the security threats for the solution (column 18 lines 
30-36); a second system, which identifies the security properties of the overall solution based on 
a set of security functions attributable to defined security subsystems (column 49 line 66 to
column 50 line 53); a third system which is coupled to the second system and which allocates 
security properties to the components of the solution based upon the selected functions which are 
derived from the nature and number of the security subsystems within the solution (column 51 
lines 1-25); a fourth system which is coupled to the third system for allocating the security
properties to the components of the solution and which identifies functional requirements for the 
components, in terms of the Common Criteria, in order to comply with the security properties of 
the component allocated by the third system (column 124 lines 33-35); 

Bowman-Amuah does not expressly disclose the system documenting the requirements
for the security component; however, Bowman-Amuah does disclose documentation of the
process (column 17 lines 64-67), wherein the process satisfies the requirements; the requirements
and the process are related matter.

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to document the requirements for the security component. One of ordinary skill in 
the art would have been motivated to do this because information that can later be used for 
testing wherein tests would be tailored to verify that the documented requirements have been 
satisfied. 

Bowman-Amuah does not expressly disclose the security subsystem that includes an 
audit subsystem, an integrity subsystem, and an information flow control subsystem. 

Alsberg discloses a protector device for enhancing security (abstract). The system 
includes an audit subsystem (column 6 lines 33-65), an integrity subsystem (column 7 lines 1-10),
and an information flow control subsystem (column 8 lines 13-63).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to include audit subsystem, integrity subsystems, and information flow control 
subsystems as in Alsberg in the system of Bowman-Amuah. One of ordinary skill in the art 
would have been motivated to do this because auditing potentially sensitive material, integrity
subsystems, and controlling the information flow would increase the security of the system. 

In reference to claim 2, wherein the second system, which identifies security properties 
of the overall solution, includes a component that uses standard security subsystems for 
identifying security properties (column 49 line 66 to column 50 lines 53). 

In reference to claim 3 wherein the standard criteria for identifying security properties 
includes a system which maps functions of standard security subsystems to an ISO standard 
15408 also known as Common Criteria.

Although Bowman-Amuah discloses the use of standards, Bowman-Amuah does not
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 4, wherein the system further includes a system that documents the 
solution and the security assumptions using a solution design security methodology (column 2 
lines 30-43). 

In reference to claims 5 and 11-12, wherein the integrity subsystem provides integrity
requirements using a standard set of criteria.

Alsberg discloses the integrity subsystem providing integrity requirement (part 76 Fig. 5).

At the time the invention was made, it would have been obvious to a person of ordinary
skill in the art to provide the integrity requirements as in Alsberg in the system of
Bowman-Amuah. One of ordinary skill in the art would have been motivated to do this because the audit
subsystem gives a view of the system which allows the system to be analyzed and changed to
make it more secure.

In reference to claim 6 wherein the standard set of criteria are in accordance with ISO
15408.

Although Bowman-Amuah discloses the use of standards, Bowman-Amuah does not
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 10, wherein the method further includes the step of documenting the 
solution environment and security assumptions and using the environment and security 
assumptions in developing the security properties of the overall solution (column 17 lines 64-67). 

In reference to claim 13 wherein the step of determining the security properties of the 
overall solution includes the step of using the Common Criteria of ISO Standard 15408. 

Although Bowman-Amuah discloses the use of standards, Bowman-Amuah does not
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claims 14-15 wherein the step of using industry standard security criteria
includes the step of using Common Criteria, which conforms to ISO Standard 15408. 

Although Bowman-Amuah discloses the use of standards, Bowman-Amuah does not
expressly disclose the use of industrial standards. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use industrial standards. One of ordinary skill in the art would have been 
motivated to do this because it would make the device compatible with other devices in the 
industry. 

In reference to claim 16, wherein the step of enumerating security requirements for 
infrastructure components and operations includes the step of identifying, enumerating and 
describing a number of standard security subsystems that in total represent the security function 
of the solution (column 49 line 66 to column 50 lines 53). 

Claims 8-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Bowman-Amuah in view of Alsberg as applied to claim 7 above, and further in view of Leighton et al
(5,519,778).

In reference to claim 8, Bowman-Amuah does not disclose ranking the security threats to
the solution and considering the biggest threats to the security. 

Leighton discloses categorizing (ranking) the security levels and therefore threats 
(column 6 lines 36-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman-Amuah.
One of ordinary skill in the art would have been motivated to do this because increasing security
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 

In reference to claim 9, Bowman-Amuah does not disclose the step of ranking the
security threats to the solution includes the step of doing less for security threats not considered 
substantial threats to the solution. 

Leighton discloses a hierarchy of security protection and therefore grading security needs 
(column 6 lines 37-67).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to categorize the security levels as in Leighton in the system of Bowman-Amuah.
One of ordinary skill in the art would have been motivated to do this because increasing security 
can reduce the performance of the system therefore by using less security for threats that are 
considered lower security increases in performance can be achieved. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Jablon 5,421,006 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this
final action.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

The 2100 Tech center will move to Carlyle in October 2004. The new telephone number
for the receptionist is (571) 272-2100. The examiner's new telephone number will be (571) 272-3854.



PWK 

Monday, July 11, 2005